17 matches found
EUVD-2017-16580
Malware in sbrugna...
Schneider Electric Modicon M221 TM221CE16R PLC Detection
Binary data 751165.prm...
Schneider Electric Modicon TM221CE16R 1.3.3.3 Information Disclosure
Binary data 720161.prm...
Schneider Electric Modicon TM221CE16R Information Disclosure Vulnerability
The Schneider Electric Modicon TM221CE16R is a programmable controller from Schneider Electric France. A security vulnerability exists in the Schneider Electric Modicon TM221CE16R version 1.3.3.3. A remote attacker can exploit this vulnerability by sending a...
Schneider Electric SoMachine Basic and Schneider Electric Modicon TM221CE16R Security Bypass Vulnerability
Schneider Electric SoMachine Basic and Schneider Electric Modicon TM221CE16R are both products of Schneider Electric France. The former is a programming and debugging interface for all components on the control platform; the latter is a programmable controller. A security vulnerability exists in...
Hardcoded credentials
Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...
CVE-2017-7575
Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port 502/tcp. Subsequently the application may be arbitrarily downloaded, modified, and uploaded...
CVE-2017-7575
Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port 502/tcp. Subsequently the application may be arbitrarily downloaded, modified, and uploaded...
CVE-2017-7574
Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...
CVE-2017-7575
Schneider Electric Modicon TM221CE16R devices (firmware up to 1.3.3.3) are affected by CVE-2017-7575. A remote attacker can send a crafted Modbus/TCP request to port 502 to disclose the application protection password, enabling arbitrary download, modification, and upload of the application. The ...
CVE-2017-7575
Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port 502/tcp. Subsequently the application may be arbitrarily downloaded, modified, and uploaded...
CVE-2017-7574
Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...
CVE-2017-7575
Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port 502/tcp. Subsequently the application may be arbitrarily downloaded, modified, and uploaded...
CVE-2017-7574
Schneider Electric SoMachine Basic 1.4 SP1 and Modicon TM221CE16R 1.3.3.3 contain a hardcoded cryptographic key used to AES-CBC encrypt project files; the fixed key (SoMachineBasicSoMachineBasicSoMa) cannot be changed, allowing decrypted data to reveal the user password and enable opening/modifyi...
Schneider Hardcoded Password
OpenSource Security Ralf Spenneberg Am Bahnhof 3-5 48565 Steinfurt [email protected] OS-S Security Advisory 2017-02 Date: April 4th, 2017 Authors: Simon Heming, Maik BrA1/4ggemann, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 10 Affected Device: Schneider SoMachine Basic 1.4 SP1,...
PT-2017-17810
Name of the Vulnerable Software and Affected Versions Schneider Electric Modicon TM221CE16R version 1.3.3.3 Description The issue allows remote attackers to discover the application-protection password by sending a specific request to the Modbus port 502/tcp. After obtaining the password, an...
PT-2017-17809
Name of the Vulnerable Software and Affected Versions Schneider Electric SoMachine Basic version 1.4 SP1 Schneider Electric Modicon TM221CE16R version 1.3.3.3 Description The issue concerns a hardcoded-key vulnerability in the Project Protection feature, which is used to prevent unauthorized acce...